<?
/*

    This file is part of Blue Violin.

    Blue Violin is free software: you can redistribute it and/or modify
    it under the terms of the GNU Affero Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    Blue Violin is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU Affero Public License for more details.

    You should have received a copy of the GNU Affero Public License
    along with Blue Violin.  If not, see <http://www.gnu.org/licenses/>.

    Blue Violin  Copyright (C) 2008  Blue Violin, Inc. & Josh Watts <josh.watts@blueviolin.org>
	For more information, visit http://www.blueviolin.org/

    This program comes with ABSOLUTELY NO WARRANTY.

*/
require_once("Database.php");
require_once("Utility.php");

class Security
{
	var $m_oDatabase;

	function Security()
	{
		$this->m_oDatabase = new Database();
	}

	function Destruct()
	{
		$this->m_oDatabase->Destruct();
	}

// 	 function __construct()
// 	{
// 		$this->objDatabase = new Database();
// 	}

// 	function __destruct()
// 	{
		
// 	}


	function GetLoginID()
	{
// one day we'll return to using session IDs
//
// 		$sSQL = "select login_id " .
// 			"from Sessions " .
// 			"where session_id = '" . $_SESSION["SESSION_ID"] . "'";
// 		$this->m_oDatabase->ExecuteSQL($sSQL);
// 		$aRow = $this->m_oDatabase->NextRow();
// 		$nLoginID = $aRow["login_id"];

		$sSQL = "select login_id " .
			"from Logins " .
			"where GUID = '" . $this->m_oDatabase->EscapeString($_COOKIE["BLUEVIOLIN_ID"]) . "'";
		$this->m_oDatabase->ExecuteSQL($sSQL);
		$aRow = $this->m_oDatabase->NextRow();
		$nLoginID = $aRow["login_id"];
		return $nLoginID;
	}

	function CreateLogin()
	{
		$sSQL = "select uuid()";
		$this->m_oDatabase->ExecuteSQL($sSQL);
		$aRow = $this->m_oDatabase->NextRow();
		$sUUID = $aRow["uuid()"];
		$sSQL = "insert into Logins (GUID, CreateDt) values ('" . $sUUID . "', now())";
		$this->m_oDatabase->ExecuteSQL($sSQL);
		setcookie("BLUEVIOLIN_ID", $sUUID, mktime(0, 0, 0, 12, 31, 2015), "/"); 
	}


	function GetEmail()
	{
		$sSQL = "select username " .
			"from Logins " .
			"where GUID = '" . $_COOKIE["BLUEVIOLIN_ID"] . "'";
		$this->m_oDatabase->ExecuteSQL($sSQL);
		$aRow = $this->m_oDatabase->NextRow();
		if ("" != $aRow["username"])
		{
			return $aRow["username"];
		}
		else
		{
			return "";
		}
	}

	function CheckCookie()
	{
		if (false == isset($_COOKIE["BLUEVIOLIN_ID"]))
		{
			return false;
		}
		$sSQL = "select count(*) " .
			"from Logins " .
			"where GUID = '" . $_COOKIE["BLUEVIOLIN_ID"] . "'";
		$this->m_oDatabase->ExecuteSQL($sSQL);
		$aRow = $this->m_oDatabase->NextRow();
		if (1 == $aRow["count(*)"])
		{
			return true;
		}
		else
		{
			return false;
		}
	}
	
	

	function AuthenticateLogin($sUserName, $sPassword)
	{
		if ("" == $sPassword)
		{
			return false;
		}
		$sSQL = "select * " .
			"from Logins " .
			"where username = '$sUserName' " .
			"and password = md5('$sPassword')";
		$nRows = $this->m_oDatabase->ExecuteSQL($sSQL);
		if (false == $nRows)
		{
			return false;
		}
// 		else if (true == $nRows)
// 		{
// 			return true;
// 		}
		$rsRows = $this->m_oDatabase->NextRow();
		return $rsRows;
	}

// 	function GetPassword($nUserID)
// 	{
// 		try
// 		{
// 			$strSQL = "select password " .
// 				"from login " .
// 				"where user_id = '" . $nUserID . "'";
// 			$nRows = $this->objDatabase->ExecuteSQL($strSQL);
// 			if (false == $nRows)
// 			{
// 				return false;
// 			}
// 			else
// 			{
// 				$aRow = $this->objDatabase->NextRow();
// 				return $aRow["password"];
// 			}
// 		}
// 		catch (Exception $e) {
// 			$objUtil = new Utility();
// 			$objUtil->HandleException($e);
// 		}
// 	}

// 	function UpdatePassword($nUserID, $strPassword)
// 	{
// 		try
// 		{
// 			$strSQL = "update login " .
// 				"set password = '" . $this->objDatabase->EscapeString($strPassword) . "' " .
// 				"where user_id = " . $nUserID;
// 			$this->objDatabase->ExecuteSQL($strSQL);
// 			return;
// 		}
// 		catch (Exception $e) {
// 			$objUtil = new Utility();
// 			$objUtil->HandleException($e);
// 		}		
// 	}

	function CreateSession($sUserName, $sPassword)
	{
		$rsRows = $this->AuthenticateLogin($sUserName, $sPassword);
		// echo("***" . $rsRows["login_id"]); 
		if (false != $rsRows)
		{
			$sSQL = "select uuid()";
			$this->m_oDatabase->ExecuteSQL($sSQL);
			$aRow = $this->m_oDatabase->NextRow();
			$sUUID = $aRow["uuid()"];
			$sSQL = "insert into Sessions (login_id, session_id, timestamp) values " .
				"(" . $rsRows["login_id"] . ",'" . $sUUID . "', now())";
// 			echo($sSQL);
			$this->m_oDatabase->ExecuteSQL($sSQL);
			$_SESSION["SESSION_ID"] = $sUUID;
			// set session variables
// 			session_start();
// 			$_SESSION["SESSION"] = "";
// 			$_SESSION["SESSION_SSN"] = $rsRows["coach_ssn"];
// 			$_SESSION["SESSION_PASS"] = $rsRows["coach_password"];
// 			$_SESSION["SESSION_USER_ID"] = $rsRows["coach_ssn"];
// 			$_SESSION["SESSION_USER_F_NAME"] = $rsRows["coach_f_name"];
// 			$_SESSION["SESSION_USER_L_NAME"] = $rsRows["coach_l_name"];
// 			$_SESSION["SESSION_LEVEL"] = $rsRows["level"];
// 			$_SESSION["SESSION_USER"] = $rsRows["coach_f_name"] . "_" . $rsRows["coach_l_name"];
// 			$_SESSION["SESSION_USER_EMAIL"] = $rsRows["coach_email"];
// 			setcookie("user", $rsRows["coach_ssn"]);
// 			setcookie("password", $rsRows["coach_password"]);
			//
// 			$strSQL = "insert into coach_stats (stat_id, coach_ssn, access_date) " .
// 				"values ('', '" . $rsRows["coach_ssn"] . "', NOW());";
// 			$bResult = $this->objDatabase->ExecuteSQL($strSQL);
			return true;
		}
		return false;
	}
}

?>